A computerized network system typically comprises various computing devices and other equipment enabling communication of data between the devices. Physical computing devices are often called hosts. A host may also be a virtual computing device or a container such as a Linux™ container or equivalent within a physical computing device. Each host may comprise or be associated with one or more user accounts, processes, and/or files.
A user can access a host by means of a user device configured for communication in the computerized network system. A host to be accessed is sometimes referred to as a target host. Users may wish to access hosts in a computerized network for various reasons. For example, hosts can provide a wide variety of services and/or store files or other content users may wish to use. Various arrangements for accessing hosts and other entities in a computerized network system can be configured. Non-limiting examples of these include web-based access, security protocol (e.g. secure shell protocol; SSH) based access, file transfer access, remote procedure call access, and/or software upgrade access. Such access may be used by, e.g., end users, automation, and/or by system administrators.
Data communications, access to hosts, user devices and the hosts themselves can be vulnerable to attacks by unauthorised parties. Hence security considerations are of importance. For example, organizations such as businesses, governmental or municipal organizations or non-profit organizations and also individual users typically want to control how their computer systems and data stored therein can be accessed and used.
Various solutions for enhancing data security have been suggested. Some of these are based on use of keys. Keys can be used e.g. for encryption of data communicated between devices and/or encryption of stored data. In addition to cryptography, keys are also used for authentication and authorisation functions, digital signatures and so on. Public and secret keys are used. In public key cryptography, or asymmetric cryptography, a pair of public and private keys is used. The public keys may be disseminated widely whereas the private keys are known only to the owner. This accomplishes the authentication (the public key is used to verify that a holder of the paired private key sent the message) and encryption (only the holder of the paired private key can decrypt the message encrypted with the public key). Another security feature is based on use of certificates used to verify or sign keys. A public key certificate can be used to prove the ownership of a public key. A public key certificate is an electronic document, also known as a digital certificate or identity certificate, that includes information about the key, information about the identity of the proprietor of the key, and the digital signature of an entity that has verified that the contents of the certificate are correct. The principle is that if the signature is valid, and the person examining the certificate trusts the signer, then that key can be used to securely communicate with its proprietor. Certificates are considered to provide a good defence in preventing an attacker from impersonating a secure website or other server. Certificates are signed by a certificate authority (CA). The CA can be a trusted party or organisation, e.g., a company that charges customers to issue certificates for them. In a web of trust scheme, the signer can be an owner of a key (a self-signed certificate) or other users (“endorsements”) whom the person examining the certificate might know and trust.
Keys and certificates are widely used in computerized network systems for enhancing security. Such widespread use can cause problems. For example, a large number of certificates may be in use in any organisation and/or computerised system. Some of these can be in use in the system without anyone realising it or without being accounted for. A particular problem can be caused by certificates that have no set expiry, or expire only after a long period of time. Also, certificates may have been issued to users whose access rights have expired, for example ex-employees or sub-contractors. As long as the certificate exists and has not been revoked, it can be used for access to a host. Furthermore, once a connection is established in response to a request for access to a host, it may stay open for a long period of time, even indefinitely.
It is possible to scan a system to weed out any old and/or unused and/or otherwise suspect certificates and/or keys and old open connections. However, a scan can take quite a while and/or may also miss something that should not be in use.
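As an added illustration, not part of the original text, the following sketch shows what one step of such a scan could look like for OpenSSH user certificates (chosen because the text names SSH as an example). It reads the validity window and principals from a decoded certificate blob and flags the conditions described above. The 90-day limit, the mapping of principals to active user accounts, and the sample blob (constructed, unsigned) are assumptions; signature verification and revocation checks are out of scope.

```python
import struct

FOREVER = 2**64 - 1        # OpenSSH writes "no expiry" as an all-ones valid_before
MAX_LIFETIME = 90 * 86400  # assumed policy limit in seconds, not from the text
CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _s(b):  # SSH wire string: uint32 length followed by the bytes
    return struct.pack(">I", len(b)) + b

def make_sample_cert(key_id, principals, valid_after, valid_before):  # constructed test data
    packed = b"".join(_s(p.encode()) for p in principals)
    return (_s(CERT_TYPE) + _s(b"\0" * 32) + _s(b"\1" * 32)   # type, nonce, public key
            + struct.pack(">QI", 1, 1) + _s(key_id.encode()) + _s(packed)
            + struct.pack(">QQ", valid_after, valid_before))

def _strings(buf, pos, count):  # read `count` wire strings; return (list, new pos)
    out = []
    for _ in range(count):
        (n,) = struct.unpack_from(">I", buf, pos)
        if pos + 4 + n > len(buf):
            raise ValueError("truncated certificate")
        out.append(buf[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out, pos

def parse_cert(blob):  # leading fields only; the signature is NOT verified
    (ctype, _nonce, _pk), pos = _strings(blob, 0, 3)
    if ctype != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    pos += 12                                   # skip uint64 serial, uint32 type
    (key_id, packed), pos = _strings(blob, pos, 2)
    principals, i = [], 0
    while i < len(packed):
        (p,), i = _strings(packed, i, 1)
        principals.append(p.decode())
    valid_after, valid_before = struct.unpack_from(">QQ", blob, pos)
    return key_id.decode(), principals, valid_after, valid_before

def audit(blob, active_users):
    key_id, principals, va, vb = parse_cert(blob)
    findings = []
    if vb == FOREVER:
        findings.append("no-expiry")
    elif vb - va > MAX_LIFETIME:
        findings.append("long-lived")
    if not principals:
        findings.append("any-principal")        # empty list is valid for any principal
    findings += ["stale-principal:" + p for p in principals if p not in active_users]
    return key_id, findings
```

On disk an OpenSSH certificate is a text line whose second field is the base64 encoding of this blob, so a real scan would decode that field before calling `audit`.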
Managing certificates, other authenticators and security features and old connections can become even more problematic in virtualised environments and cloud computing where a number of physical entities may provide a user with access to a host. For example, a service may be provided for a user accessing the service in different sessions by different physical entities or hosts in the cloud, resulting in certificates and/or keys being used in a number of locations. Further, different types of hosts may require use of different authenticators for the access. A user may not be aware of this, for example whether he/she is trying to access a legacy or cloud type host. This can pose considerable challenges for managing the use of keys and certificates, and access to hosts in general.
It is noted that the above discussed issues are not limited to any particular communication protocol and data processing apparatus but may occur in any computerised system where authenticators such as certificates are used to enhance data security.
Embodiments of the invention aim to address one or several of the above issues.